On Tue, Dec 18, 2012 at 6:52 AM, Jonathan Holloway
<jonathan.holloway_at_gmail.com> wrote:
> Hi all,
>
> I was wondering what is required to implement an alternative authorization
> mechanism (aside from the authz approach) possibly using MySQL or another
> database?
svn+ssh works pretty well, and avoids the "storing password in plain
text for Linux clients" problem.
Any authentication technology for HTTPS based access which links to a
more central authentication system with stored passwords is at risk of
users using the same password for other applications, such as email or
login, and leaving their passwords stored in clear text in
$HOME/.subversion/.
> I'm aware of setting up Subversion with Apache using mod authz_svn_db.
>
> http://web.fhnw.ch/technik/projekte/i/fruehling09/BieliHaller/downloads/downloads/Dokumente/PDF/AdminGuide.pdf
>
> but I'm interested in whether anybody has done this without Apache via some
> Subversion code changes?
Possibly, but it suffers from the issues I just mentioned. Unless you
have high confidence in local filesystem security, and can assure that
passwords used in the LDAP or database are not used elsewhere, you
face exactly this security issue.
(Note that I'm really a broken record about this. Many Subversion
users and admins have confidence in their local filesystems. Due to
NFS home directories and offsite backups, I have no such confidence.)
Received on 2012-12-19 04:48:40 CET